Tag: Insider Threats

Threats to your data and security don’t always start on the outside, orchestrated by a shadowy group of foreign hackers. Many times, it’s actors within an organization who carry out sophisticated and malicious attacks designed to steal money or IP — or both. While visions of Edward Snowden and Chelsea Manning come to mind when people think of a typical internal threat, it’s actually the low-profile, everyday internal attackers that companies should be most worried about.

What if one day you came home and a bunch of your valuables had been stolen: computers, jewelry, that big screen TV… When you call the police to report the burglary, the first thing they will ask for to begin the investigation is context:

What time did it happen?

Was there a break-in? If not, who had keys to your house?

Where were your valuables being stored?

The more information they have, the better the chances they they will track down the culprit and get your stuff back. Now, if you have a home surveillance system set up—say, a Dropcam or Canary —they’re going to have even more information to work with: timestamps, video footage, audio, etc.

All in all – the more context you have, the better. The same applies to cloud security. When something goes awry, context is what guides you about what to do, where to start investigate, who’s at fault?

As National Cyber Security Awareness month comes to a close, it seems appropriate to reflect on the state of cyber security today. The ugly truth is that the cyber threat environment has never been more volatile. Breaches are commonplace, headlines on data loss and sophisticated hacks bombard us daily and technology continues to progress and move forward, in spite of security concerns and compromise. A huge portion of the general population’s personal data is exposed and, while seemingly everyone is aware there’s a problem, few are willing to take the preventative measures necessary to stop it.

A developer or operator leaving your company is always a harrowing event. More than likely they had access to your production environment, so you engage your standardized process for revoking their access. But how can you be sure everything is truly cleaned up, regardless of whether you suspect they would be malicious or not?